From 916e56208b8865ed30031a07cfcc9017fc6d298d Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 19 Oct 2014 01:29:04 +0100 Subject: [PATCH] remove FIPS module code from crypto/evp Reviewed-by: Tim Hudson --- crypto/evp/e_aes.c | 36 +++++++++++------------------------- crypto/evp/e_des3.c | 6 +++--- crypto/evp/e_null.c | 3 +-- crypto/evp/evp_cnf.c | 4 ---- crypto/evp/m_dss.c | 2 +- crypto/evp/m_dss1.c | 2 +- crypto/evp/m_ecdsa.c | 2 +- crypto/evp/m_sha1.c | 15 +++++---------- 8 files changed, 23 insertions(+), 47 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 2222188849..0f4481e8e6 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1285,9 +1285,9 @@ static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, return 1; } -BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS) -BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS) +BLOCK_CIPHER_generic_pack(NID_aes,128,0) +BLOCK_CIPHER_generic_pack(NID_aes,192,0) +BLOCK_CIPHER_generic_pack(NID_aes,256,0) static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { @@ -1330,11 +1330,6 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_GCM_SET_IVLEN: if (arg <= 0) return 0; -#ifdef OPENSSL_FIPS - if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) - && arg < 12) - return 0; -#endif /* Allocate memory for IV if needed */ if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { 
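Review bot: Replacing `EVP_CIPH_FLAG_FIPS` with a literal `0` in the three `BLOCK_CIPHER_generic_pack` calls leaves no record at the call site that the flag is now never set on an AES cipher. The same removal is made in the GCM, XTS and CCM `BLOCK_CIPHER_custom` calls, in e_des3.c and e_null.c, and as `EVP_MD_FLAG_FIPS` in m_dss.c, m_dss1.c, m_ecdsa.c and m_sha1.c, while the diffstat lists no header, so the flag macros presumably remain defined. A caller that filters algorithms with `EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_FIPS` would then silently match nothing, so I would add a comment above these lines such as `/* EVP_CIPH_FLAG_FIPS is no longer set by any cipher in crypto/evp */` and mention the change in the release notes.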
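Review bot: The `EVP_CTRL_GCM_SET_IVLEN` case in aes_gcm_ctrl now rejects only `arg <= 0`, so an IV of a single byte is accepted and nothing at the case says that this is intended. The deleted test applied only under `OPENSSL_FIPS` in module mode, so default builds behave as before, but the 12-byte floor it encoded is the IV length NIST SP 800-38D recommends, and shorter IVs make IV repetition under one key more likely. I would document the contract where the check used to be, for example `/* any positive IV length is accepted; callers should use 12 bytes unless they have a reason not to */`. The body of aes_gcm_ctrl continues outside the hunk.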
@@ -1838,11 +1833,11 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM, - EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) + EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { @@ -1976,15 +1971,6 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, return 0; if (!out || !in || lenflags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) && - (len > (1UL<<20)*16)) - { - EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE); - return 0; - } -#endif if (xctx->stream) (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, ctx->iv); @@ -2000,8 +1986,8 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ | EVP_CIPH_CUSTOM_COPY) -BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS) -BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,XTS_FLAGS) static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { 
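Review bot: aes_xts_cipher is left with no upper bound on `len` after the second hunk on this line, and no comment tells callers that the limit is now theirs to enforce. The deleted lines returned `EVP_R_TOO_LARGE` when `len > (1UL<<20)*16`, which matches the 2^20-block data-unit limit of NIST SP 800-38E; the start of that condition is cut off in this rendering, so how it was gated is inferred from the `EVP_CIPH_FLAG_NON_FIPS_ALLOW` fragment. I would add `/* no data-unit size limit is enforced here; callers bound by SP 800-38E must reject len > (1UL<<20)*16 themselves */` above the `xctx->stream` call. If this was the only use of `EVP_R_TOO_LARGE` with `EVP_F_AES_XTS_CIPHER`, the error tables may now carry an unused entry. The function starts and ends outside the hunk.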
@@ -2183,9 +2169,9 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #define aes_ccm_cleanup NULL -BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,CUSTOM_FLAGS) typedef struct { diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index eb4c472244..7d22407479 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -246,17 +246,17 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8, - EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1, + EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 9ca12ee243..4612db3df8 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -68,8 +68,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, static const EVP_CIPHER n_cipher= { NID_undef, - 1,0,0, - EVP_CIPH_FLAG_FIPS, + 1,0,0,0, null_init_key, null_cipher, NULL, diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 2e4db30235..8e78450bec 100644 --- a/crypto/evp/evp_cnf.c 
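Review bot: Folding the flags value into `1,0,0,0,` in `n_cipher` (e_null.c) makes the positional initializer harder to read, because the fourth zero is a different kind of field from the block size, key length and IV length before it. I would keep it on its own line as it was, `0, /* flags */`, so the field stays visible. The initializer continues outside the hunk.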
+++ b/crypto/evp/evp_cnf.c @@ -64,10 +64,6 @@ #include #include #include -#ifdef OPENSSL_FIPS -#include -#endif - /* Algorithm configuration module. */ diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c index c9ab07349f..1c7105102d 100644 --- a/crypto/evp/m_dss.c +++ b/crypto/evp/m_dss.c @@ -81,7 +81,7 @@ static const EVP_MD dsa_md= NID_dsaWithSHA, NID_dsaWithSHA, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST, init, update, final, diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index 5216ffd977..553c3b7754 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -82,7 +82,7 @@ static const EVP_MD dss1_md= NID_dsa, NID_dsaWithSHA1, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST, init, update, final, diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c index aeb36ba2be..8a52925e4e 100644 --- a/crypto/evp/m_ecdsa.c +++ b/crypto/evp/m_ecdsa.c @@ -131,7 +131,7 @@ static const EVP_MD ecdsa_md= NID_ecdsa_with_SHA1, NID_ecdsa_with_SHA1, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST|EVP_MD_FLAG_FIPS, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_PKEY_DIGEST, init, update, final, diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index f5eccb7e25..a0bfd99d22 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -68,11 +68,6 @@ #include #endif -#ifdef OPENSSL_FIPS -#include -#endif - - static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); } @@ -87,7 +82,7 @@ static const EVP_MD sha1_md= NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, init, update, final, 
@@ -124,7 +119,7 @@ static const EVP_MD sha224_md=
 NID_sha224,
 NID_sha224WithRSAEncryption,
 SHA224_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
 init224,
 update256,
 final256,
@@ -143,7 +138,7 @@ static const EVP_MD sha256_md=
 NID_sha256,
 NID_sha256WithRSAEncryption,
 SHA256_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
 init256,
 update256,
 final256,
@@ -174,7 +169,7 @@ static const EVP_MD sha384_md=
 NID_sha384,
 NID_sha384WithRSAEncryption,
 SHA384_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
 init384,
 update512,
 final512,
@@ -193,7 +188,7 @@ static const EVP_MD sha512_md=
 NID_sha512,
 NID_sha512WithRSAEncryption,
 SHA512_DIGEST_LENGTH,
- EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT|EVP_MD_FLAG_FIPS,
+ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT,
 init512,
 update512,
 final512,
--
2.25.1